Description

A DPIA (data protection impact assessment) is required if a process is likely to result in a high risk to the rights and freedoms of data subjects – any natural person (i.e. a living individual) whose personal data is processed by the organisation. Data subjects might be employees, contractors, etc., as well as customers.

This particularly includes activities that involve:

Using automation to make decisions that could significantly affect an individual;

Supervisory authorities will require a DPIA to be conducted for any processes that:

Involve the use of new technologies;

Use profiling or sensitive data to decide on access to services;

Involve profiling individuals on a large scale;

Involve biometric data;

Involve genetic data;

Match data or combine data sets from different sources;

Involve ‘invisible processing’;

Involve tracking individuals’ location or behaviour;

Involve profiling children or targeting marketing and online services at children; and

Involve data that might endanger the individual’s physical health or safety in the event of a security breach.

If an organisation is running any process that matches these descriptions, it must conduct a DPIA.

DPIAs are important tools for accountability. They not only help controllers comply with the GDPR’s requirements but also demonstrate that appropriate measures have been taken to ensure that compliance.

How will the DPIA tool help you?

Simplifies and speeds up the entire DPIA process.

Ensures your DPIA process meets the ICO’s requirements.

Helps you create a DPIA process and define the scope of the DPIA.

Produces a consistent approach for every DPIA.

Gives you the ability to share DPIA results with key stakeholders and the ICO.

Generates accurate reports on each DPIA conducted.

Enables you to export the results of each DPIA.

Key Features

Simple and efficient

Quickly determine whether a DPIA is required.

The built-in wizard guides you through each step of the process to assess asset-based risks.

Easier to use than a spreadsheet.

Aligned with the GDPR

Aligned with guidance from both the UK’s ICO (Information Commissioner’s Office) and the WP29 (Article 29 Working Party, replaced by the EDPB, the European Data Protection Board), the DPIA Tool helps organisations meet the requirements of Article 35 of the GDPR. Controllers can demonstrate that appropriate measures have been undertaken to ensure GDPR compliance.

Standardised procedure

Conduct a comprehensive DPIA following a consistent approach across all processing activities.

Identify risks and determine how likely they are to occur and what impact they would have.

Technical specifications

An Internet connection and a compatible browser are required – the latest version of Chrome, Edge, Firefox or Internet Explorer.

Available on an annual subscription basis.

Licensed for up to five users.

Supported by Microsoft Azure data centres, which have industry-leading security measures and policies.

Includes regular updates to content and functionality.

Additional information

Offered on an annual licence basis. An invoice will be raised each year so that you can continue to benefit from updates and unlimited technical support.

The DPIA Tool can be integrated with other products on the CyberComply platform, including Compliance Manager and the Data Flow Mapping Tool. Purchasing all three products allows users to easily track their compliance project and apply the appropriate controls from the GDPR.

The integration clearly displays which controls have been applied to processes and which processes are governed by specific regulatory or statutory requirements.

Speak to an expert

If you have any questions or would like a demonstration of the DPIA Tool, please get in touch.